Which component is this bug for?
Traceloop SDK
📜 Description
The cuid package set as a dependency has known security issues that led to the original package being deprecated, and it results in Sonatype error sonatype-2023-2645.
This causes Sonatype to quarantine traceloop-sdk and block its installation in business environments.
A cuid2 package is available with various ports, including Cuid2 for Python.
The traceloop-sdk package seems to use cuid only at lines 125 and 310 of packages/traceloop-sdk/traceloop/sdk/experiment/experiment.py, so the impact should be minimal.
👟 Reproduction steps
Reproduction is obtained by installing the latest traceloop-sdk version 0.60.0:
pip install traceloop-sdk
Looking in indexes: https:///repository/pipy.org-group/simple
Collecting traceloop-sdk
Using cached https:///repository/pipy.org-group/packages/traceloop-sdk/0.60.0/traceloop_sdk-0.60.0-py3-none-any.whl (88 kB)
Requirement already satisfied: aiohttp<4,>=3.11.11 in c:\users\j18338-cyberark\repo\ca_r4296_be_vendor_connector.venv\lib\site-packages (from traceloop-sdk) (3.13.5)
Requirement already satisfied: colorama<0.5.0,>=0.4.6 in c:\users\j18338-cyberark\repo\ca_r4296_be_vendor_connector.venv\lib\site-packages (from traceloop-sdk) (0.4.6)
Collecting cuid<0.5,>=0.4 (from traceloop-sdk)
ERROR: HTTP error 403 while getting https:///repository/pipy.org-group/packages/cuid/0.4/cuid-0.4.tar.gz#sha256=74eaba154916a2240405c3631acee708c263ef8fa05a86820b87d0f59f84e978 (from https://repository/pipy.org-group/simple/cuid/)
[notice] A new release of pip is available: 25.1.1 -> 26.1.1
[notice] To update, run: python.exe -m pip install --upgrade pip
ERROR: Could not install requirement cuid<0.5,>=0.4 from https://it/repository/pipy.org-group/packages/cuid/0.4/cuid-0.4.tar.gz#sha256=74eaba154916a2240405c3631acee708c263ef8fa05a86820b87d0f59f84e978 (from traceloop-sdk) because of HTTP error 403 Client Error: -------------------->>> Requested item is quarantined -------------------->>> FOR DETAILS SEE ------>>> https://nexusfirewall.cariprpc.it/ui/links/malware-defense/repositories/quarantinedComponent/NmFiZmM1Y2Q1YTFiNDNlOGE0ODc3YTExNzdhNTIzYjQ <<<------ for url: https:///repository/pipy.org-group/packages/cuid/0.4/cuid-0.4.tar.gz for URL https:///repository/pipy.org-group/packages/cuid/0.4/cuid-0.4.tar.gz#sha256=74eaba154916a2240405c3631acee708c263ef8fa05a86820b87d0f59f84e978 (from https:///repository/pipy.org-group/simple/cuid/)
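The install above only fails once pip reaches the firewalled index. The following script, an added example that is not part of the traceloop-sdk project or of this report, finds every distribution that declares a direct dependency on a given package (here the deprecated `cuid`) by parsing `Requires-Dist` metadata, so the transitive dependency can be spotted in an existing environment before a Nexus Firewall / Sonatype policy quarantines it. The `SAMPLE_DISTS` metadata is constructed for the example, modelled on the pip output in the report; `installed_dists()` reads the live environment through `importlib.metadata`.

```python
"""List distributions whose Requires-Dist metadata names a given package.

Added example (not traceloop-sdk project code). Use it to find every
package in an environment that would pull in a quarantined dependency
such as `cuid` before the package firewall rejects the install.
"""
import re
from importlib import metadata
from typing import Dict, Iterable, Iterator, List, Optional, Tuple

# PEP 508: the project name is the leading token of a Requires-Dist entry,
# before any extras ([...]), version specifier or environment marker (;).
_NAME_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name: str) -> str:
    """PEP 503 name normalization: case-insensitive; '-', '_' and '.' coincide."""
    return re.sub(r"[-_.]+", "-", name).lower()


def required_name(requires_dist: str) -> Optional[str]:
    """Return the normalized project name from one Requires-Dist entry."""
    m = _NAME_RE.match(requires_dist)
    return normalize(m.group(1)) if m else None


def dependents_of(
    target: str, dists: Iterable[Tuple[str, Optional[List[str]]]]
) -> Dict[str, List[str]]:
    """Map each distribution in `dists` that directly requires `target`
    to the Requires-Dist entries that name it.

    `dists` yields (distribution name, Requires-Dist list or None) pairs.
    """
    wanted = normalize(target)
    hits: Dict[str, List[str]] = {}
    for dist_name, requires in dists:
        matching = [r for r in (requires or []) if required_name(r) == wanted]
        if matching:
            hits[dist_name] = matching
    return hits


def installed_dists() -> Iterator[Tuple[str, Optional[List[str]]]]:
    """Yield (name, Requires-Dist list) for every distribution in this env."""
    for d in metadata.distributions():
        yield d.metadata["Name"], d.requires


# Constructed sample metadata for the example (not real installed data).
SAMPLE_DISTS = [
    ("traceloop-sdk", ["aiohttp<4,>=3.11.11", "colorama<0.5.0,>=0.4.6",
                       "cuid<0.5,>=0.4",
                       "opentelemetry-api>=1.28; python_version >= '3.9'"]),
    ("aiohttp", ["aiosignal>=1.1.2", "attrs>=17.3.0"]),
    ("some-other-tool", ["Cuid2>=2.0", "requests"]),  # cuid2 is a different project
    ("colorama", None),
]

if __name__ == "__main__":
    for dist, reqs in dependents_of("cuid", SAMPLE_DISTS).items():
        print(f"[sample] {dist} requires {reqs}")
    # Same check against whatever is actually installed in this interpreter.
    for dist, reqs in dependents_of("cuid", installed_dists()).items():
        print(f"[installed] {dist} requires {reqs}")
```

Name matching is done after PEP 503 normalization on both sides, so `Cuid`, `cuid` and `CUID` all match while `cuid2` does not; the check is for direct declarations only, so run it over the full installed set (or a resolved lock file) to see transitive pulls such as traceloop-sdk's.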
👍 Expected behavior
traceloop should depend on cuid2 to solve the issue
👎 Actual Behavior with Screenshots
🤖 Python Version
3.11
📃 Provide any additional context for the Bug.
No response
👀 Have you spent some time to check if this bug has been raised before?
Are you willing to submit PR?
Yes I am willing to submit a PR!